I'd always imagined that the 3rd party code had been downloaded, checked and installed.
Even if it was being run off their servers, can you imagine the conversation?
developer, running into the room:
We need to update foo.js to version 3.4.7.1.8.
sysadmin:
Have you checked that it's got no security issues?
developer:
Marketing want us to have the flibble text flashing and the new version of foo reinstates the blink tag. They want it live half an hour ago because they've already got the adverts running.
sysadmin:
I really think we should test this...
developer:
No time, just put it live!